Tor .onion Domain Gets Security Enhancement with IETF Approval

by Tracy Knauer • September 20, 2015

The Internet Engineering Task Force (IETF) has made private and anonymous Internet browsing easier by officially granting special status to the .onion domain name. Now, Tor users can be more certain that their tracks are hidden when they visit sites that use the .onion domain.

The change’s chief significance is that it makes it impossible to access sites using the .onion domain without running Tor. Previously, since .onion was not officially endorsed by the IETF, it counted as a “pseudo top-level domain” — which meant it could be used to host sites and other data that was accessible via normal Internet protocols, rather than solely via Tor.

In more technical terms, the IETF has specified that Web browsers and any other applications that connect to sites hosted on the .onion domain must recognize it as a special domain. If the apps don’t support Tor, they must produce an error when attempting to access .onion sites, rather than looking them up.

In addition, according to the new specification, .onion domains can be resolved — that is, translated from human-readable names into IP addresses via the process known as DNS resolution — only via Tor. That provides additional protection against eavesdropping on a user’s Internet activity by sniffing his or her DNS lookup requests.
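The two requirements described above (fail with an error instead of looking the name up, and keep .onion names out of ordinary DNS) can be sketched as follows. This is an added example, not code from the article or the IETF; the function names and the sample hostnames are hypothetical and constructed for illustration.

```python
import socket


class OnionLookupRefused(Exception):
    """Raised when a .onion name would otherwise be sent to ordinary DNS."""


def is_onion_name(hostname: str) -> bool:
    """True if the rightmost label of the name is "onion".

    The comparison is case-insensitive and ignores a trailing root dot,
    so "EXAMPLE.Onion." is treated the same as "example.onion".
    """
    labels = hostname.strip().rstrip(".").lower().split(".")
    return labels[-1] == "onion"


def guarded_getaddrinfo(hostname, port, resolver=socket.getaddrinfo):
    """Resolve a hostname for an application that does NOT support Tor.

    .onion names are rejected before any resolver call is made, so no
    lookup for them leaves the machine. Other names go to the resolver.
    """
    if is_onion_name(hostname):
        raise OnionLookupRefused(
            f"{hostname!r} is a .onion name; refusing non-Tor lookup"
        )
    return resolver(hostname, port)


def audit_query_log(qnames):
    """Return the .onion names found in a list of DNS query names.

    Any hit means some client sent a .onion name to ordinary DNS
    instead of handling it through Tor.
    """
    return [q for q in qnames if is_onion_name(q)]


if __name__ == "__main__":
    # Constructed sample query names, not real services.
    sample = ["www.example.com.", "constructedexample.onion.", "onion.example.org"]
    print(audit_query_log(sample))
    try:
        guarded_getaddrinfo("constructedexample.onion", 443)
    except OnionLookupRefused as exc:
        print("blocked:", exc)
```

The `resolver` parameter exists so the guard can be checked without network access; `audit_query_log` applies the same name test to resolver logs to spot clients that still leak .onion lookups.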

Last but not least, the change makes it easier for site developers to use SSL certificates for data hosted on the .onion domain. As a result, supporting the encrypted HTTPS protocol — rather than unencrypted HTTP communications — will be simpler in standard browsers like Firefox and Chrome.